Your American tax dollars (and login credentials) at work.

Earlier this year, pen-testers hired by the Internal Revenue Service attempted a time-worn attack as part of their assignment: They phoned up 102 people who work at an IRS office while pretending to be tech support and asked them for their usernames. The people called were also asked if they could temporarily change their passwords to something simple (love? sex? secret? god?) as part of a troubleshooting effort.

61 of the 102 people complied with the request of complete and total strangers. If this hadn't been a pen-test, those office networks would have been sitting ducks. Only eight people called …

Read more...